security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,169 Commits 1 Branch 57 Tags
cd4491cba2fe03876ea46ba3b9195e45fe5ce021
Commit Graph

89 Commits

Author SHA1 Message Date
Florian Roth a4bec724a6 rule: SonicWall exploitation 2021-01-25 11:54:23 +01:00
Florian Roth 30dcc28a1f Cisco ASA FTD Exploit CVE-2020-3452 2021-01-07 13:17:58 +01:00
Florian Roth 0a83f91386 Merge pull request #1321 from d4rk-d4nph3/master 
Fixed typo in file format
 2020-12-28 09:13:48 +01:00
Bhabesh Rai bf77c8266a Fixed typo in file format 2020-12-28 11:46:02 +05:45
Florian Roth 896fc21911 Merge pull request #1320 from d4rk-d4nph3/master 
Added rule for CVE-2020-10148 SolarWinds Orion API Authentication Bypass
 2020-12-27 20:37:36 +01:00
Florian Roth a6212a4490 style: some minor style changes 2020-12-27 20:06:19 +01:00
Bhabesh Rai 1cfad987b0 Added rule for CVE-2020-10148 SolarWinds Orion API Authentication Bypass 2020-12-27 17:34:49 +05:45
Florian Roth 821af35557 Merge pull request #1313 from Neo23x0/rule-devel 
Rule devel
 2020-12-23 13:57:11 +01:00
Florian Roth e67d17a967 rule: improved solarwinds webshell rule 2020-12-22 10:36:34 +01:00
Florian Roth e78d7e6aee Merge pull request #1296 from mat-gas/fix-references 
fix "references" field + add test for references in plural form
 2020-12-21 18:25:35 +01:00
Florian Roth 9c8e1387a9 rule: Solarwinds SUPERNOVA web shell access 2020-12-17 09:05:08 +01:00
Florian Roth cfe60d180b Merge pull request #1301 from d4rk-d4nph3/master 
Added rule for Fortinet CVE-2018-13379 preauth file read exploitation.
 2020-12-08 11:09:51 +01:00
Florian Roth 2c642c64d2 Removed a value 2020-12-08 10:38:32 +01:00
Florian Roth a87a81d8cc Update web_fortinet_cve_2018_13379_preauth_read_exploit.yml 2020-12-08 10:33:52 +01:00
Bhabesh Rai 3ddf940812 Added rule for Fortinet CVE-2018-13379 preauth file read exploitation. 2020-12-08 14:46:47 +05:45
mat b3e36281b5 fix reference field + add test for references in plural form 2020-11-27 10:17:45 +01:00
Florian Roth 908023fa66 rule: added second expression 2020-11-04 16:43:35 +01:00
Florian Roth f848bb912c rule: reworked weblogic CVE-2020-14882 rule 2020-11-03 10:39:40 +01:00
Florian Roth dd0d1d053c rule: WebLogic exploit CVE-2020-14882 2020-11-02 11:11:37 +01:00
Mike Wade 1ddba05eb2 Second round 2020-09-15 07:02:30 -06:00
Alexey Lednyov cf011e4a00 Removed duplicate key 'modified' 2020-09-03 17:12:37 +03:00
Alexey Lednyov 1eb675f693 att&ck tags review: web, network/zeek 2020-09-03 17:06:37 +03:00
Florian Roth 5625f471d7 Merge pull request #963 from diskurse/rule-devel 
win_webshell_regeorg.yml
 2020-08-03 13:51:16 +02:00
Florian Roth 3abc3d0a76 docs: add FP condition 2020-08-03 13:50:47 +02:00
Florian Roth 6f7aecbe06 fix: preventive change to avoid FPs 2020-08-03 13:49:52 +02:00
Cian Heasley de33b953ba Add files via upload 
Webshell ReGeorg Detection Via Web Logs
 2020-08-03 12:20:04 +01:00
Ryan Plas 3bb45f00af Update web_citrix_cve_2019_19781_exploit.yml logsource to use the correct Sigma schema values 2020-07-11 00:00:21 -04:00
Florian Roth 129925ce0b rule: improved Citrix rule 2020-07-10 18:15:35 +02:00
Florian Roth 383953c74e rule: better rule name and descriptions, plus MITRE ATT&CK tags 2020-07-10 17:55:13 +02:00
Florian Roth 0d89208242 rule: updated Citrix rule 2020-07-10 17:49:18 +02:00
Florian Roth eda08e3a89 rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195 2020-07-10 17:45:11 +02:00
Florian Roth acfe20aa34 rule: extended F5 BIG-IP exploitation detection rule 2020-07-07 21:45:08 +02:00
Florian Roth 13ab00f744 improved F5 BIG-IP rule based on private feedback 2020-07-05 16:21:48 +02:00
Florian Roth fbe6c0e7d9 improved F5 BIG-IP rule 2020-07-05 13:29:30 +02:00
Florian Roth f079d0f915 rule: CVE-2020-5902 F5 BIG-IP Exploitation Attempt 
https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/
 2020-07-05 13:18:53 +02:00
Ivan Kirillov 0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth cdf1ade625 fix: typo in selection 2020-05-26 12:27:16 +02:00
Florian Roth 828484d7c6 rule: confluence exploit CVE-2019-3398 2020-05-26 12:09:41 +02:00
neu5ron b575df8cd7 use the taxonomy for http response which is sc-status 2020-03-14 15:02:33 -04:00
neu5ron 4cd99e71bf use the taxonomy which states to use c-uri instead of c-uri-path 2020-03-14 15:02:06 -04:00
neu5ron d212d43acf spelling 2020-03-14 14:58:25 -04:00
Florian Roth 15a400ac51 fix: fixing bug in rule 2020-02-29 15:51:00 +01:00
Florian Roth fa6458b70f rule: two rules to detect CVE-2020-0688 exploitation 2020-02-29 15:45:45 +01:00
Remco Hofman 4f45e14a56 Match on c-uri instead of c-uri-path 2020-02-27 13:23:25 +01:00
Remco Hofman ff35eb0052 Title capitalization 2020-02-27 12:56:56 +01:00
Remco Hofman 72e34d2aa5 CVE 2020-0688 Exploit attempt rule 2020-02-27 12:51:10 +01:00
Florian Roth d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Florian Roth efd3af0812 fix: fixed missing date fields in other files 2020-01-30 15:32:39 +01:00
2d4d e35ebcc185 complete_cve_2019-19781 2020-01-15 21:59:33 +01:00
Florian Roth 5ef64e4e99 rule: changes at Shitrix rule 2020-01-13 20:15:08 +01:00